Skip to main content
banner image
venafi logo

5 Ways You Can Protect Machine Identities in 2018

5 Ways You Can Protect Machine Identities in 2018

March 13, 2018 | Terrie Anderson

We’re just over two months into the new year. And hopefully, you’ve already started checking off some of your cyber security new year’s resolutions. But while your plan undoubtedly includes several key cyber security improvements, you may have overlooked one critical element—protecting machine identities.

Machine identities are one of the most poorly understood and weakly-protected components of your network infrastructure. What are machine identities? In short - Everything digital including applications, devices, servers, load balancers and more. Most organisations focus all their attention on protecting the user names and passwords that control human identities ( the industry spends about US$ 8 billion a year on this). But, if you’re like most organizations, you probably don’t spend anything protecting the cryptographic keys and digital certificates that serve as machine identities.

And that’s a critical security issue. When cyber criminals steal, forge or compromise a certificate on your network, they’ll appear to be trusted and they may gain privileged access to critical data and services. Your security solutions can’t detect this kind of malicious activity, so attackers can easily pivot across your network, locate valuable data and exfiltrate it through encrypted tunnels. And all of this happens without being detected, unless you take steps to protect yourself.

Here are five things you can do this year to make sure that your machine identities stay secure:

  1. Commit to zero certificate outages this year
    If you are experiencing certificate-related outages, it means that you don’t have visibility into your entire machine identity lifecycle, and you’re not able to proactively manage certificate expiration. Start with putting together a list of all your machine identities including where installed, who owns them, and how they’re being used. Once you have this information you will be able to automate the entire machine identity life cycle, including the management of certificate requests, issuance, installation, renewals, and replacements and completely eliminate certificate related outages.
     
  2. Protect your encrypted tunnels
    Because the number and type of machines on your network is constantly changing, you need an ongoing program that continually updates your machine identity intelligence. After you’ve established a baseline of normal machine identity usage, you can start monitoring machine identities and flagging anomalous use that can indicate a machine identity compromise. As part of this program be sure you have automated alerts and notifications in place to inform you of unauthorized changes or impending actions that need to be taken.
     
  3. Take two steps closer to crypto agility
    In the event of a Certificate Authority compromise or error, you need to be prepared to quickly replace all of the impacted certificates. (Google’s distrust of Symantec is another great example of why you need this type of agility). Automating the entire lifecycle of machine identities will allow you to quickly respond to any security incident that requires bulk remediation across multiple certificates. Once you’ve replaced the impacted certificates, you need to be able to validate that each machine identity that has been changed has also been installed properly and is working correctly. Automated validation is a critical management capability that helps you with ongoing management and security and shows the progress of large-scale replacement events and demonstrates compliance.
     
  4. Set up and enforce certificates security policies
    To keep your machine identities safe, you need to set up machine identity security policies and workflows. This helps you govern every aspect of machine identities—issuance, configuration, use, ownership, management, security, and decommission. Enforcing policies also ensures that every machine identity your organization complies with relevant industry and government regulations. Automating the enforcement of machine identity policies ensures that you’re maximizing the security of every machine identity that your organization uses and ensures that you can product audit-ready evidence whenever you need it.
     
  5. Look for ways to optimize operational efficiencies
    Providing end-users with an easy way to request machine identities allows you to quickly deliver secure machine identities to any business unit. Plus, integrating self-service solutions with DevOps and cloud platforms allows your developers to seamlessly request and install certificates that meet your security requirements without incurring any delays. You can also improve the effectiveness of your overall network and security systems by making sure they have easy access to current keys and certificates.

It’s important to remember that protecting machine identities is just as important to your identity and access management program as protecting human identities. Follow these five steps and you won’t have to worry about compromised machine identities being used against you.

Are you ready to start protecting your machine identities?

Related posts

Like this blog? We think you will love this.
image of a POS calculator printing a long receipt
Featured Blog

Are We There Yet? French Team Cracks the Longest Encryption Algo To Date [Encryption Digest 22]

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Terrie Anderson
Terrie Anderson

Terrie is Country Manager (ANZ) for Forescout Technologies Inc., and a speaker and futurist in Digital Enterprise Leadership, Cyber Security Strategy and Workplace of the Future.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat